From patchwork Wed Nov 30 00:56:54 2016
X-Patchwork-Submitter: Pavel Shilovskiy
X-Patchwork-Id: 9453487
From: Pavel Shilovsky
Subject: [PATCH 3/5] CIFS: Fix a possible memory corruption in push locks
Date: Tue, 29 Nov 2016 16:56:54 -0800
Message-ID: <1480467416-13636-4-git-send-email-pshilov@microsoft.com>
In-Reply-To: <1480467416-13636-1-git-send-email-pshilov@microsoft.com>
References: <1480467416-13636-1-git-send-email-pshilov@microsoft.com>
X-Mailing-List: linux-cifs@vger.kernel.org

If maxBuf is not 0 but less than a size of SMB2 lock structure
we can end up with a memory corruption.

Cc: Stable
Signed-off-by: Pavel Shilovsky
---
 fs/cifs/smb2file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/cifs/smb2file.c b/fs/cifs/smb2file.c index f9e766f..b2aff0c 100644 --- a/fs/cifs/smb2file.c +++ b/fs/cifs/smb2file.c @@ -260,7 +260,7 @@ smb2_push_mandatory_locks(struct cifsFileInfo *cfile) * and check it for zero before using. */ max_buf = tlink_tcon(cfile->tlink)->ses->server->maxBuf; - if (!max_buf) { + if (max_buf < sizeof(struct smb2_lock_element)) { free_xid(xid); return -EINVAL; }
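Review bot: The context comment directly above the changed test in smb2_push_mandatory_locks() still reads "and check it for zero before using", which no longer describes the new condition `max_buf < sizeof(struct smb2_lock_element)`; please update it to say that maxBuf must be large enough for at least one lock element. The right-hand side of the comparison is a `size_t`, so it is worth confirming that `max_buf` is declared unsigned in this function (the declaration is outside the hunk), because a signed negative value would be converted to a large unsigned one and pass the check. Since `maxBuf` is read from `ses->server`, the commit message could also state what happens later in the function for a value between 1 and the element size, which would help stable maintainers judge the impact.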